With development of a network application, online shopping, online games, online trading, and the like are increasingly richer; and a value of a network account of a user is increasingly higher, actions of stealing a user account and various virtual properties run wilder and wilder, and various account properties of the user face a very stern test. Therefore, when the user performs actions such as logging in to a network account, payment, and virtual property trading, it is indispensable to verify the real identity of the user.
Currently, identity verification is implemented mainly by the user by entering a static password or a dynamic password that is registered in advance to a computer or a terminal in another form. In this verification manner, by using either the static password or the dynamic password, the user is faced with a risk that a third party (an account stealer) may cheat the user with Trojan viruses or in another manner to obtain the password and pretend to be the user to perform verification. After the user enters an identity credential, the third party may steal the account by using this credential, and moreover, this verification manner increases learning costs and operation costs for the user.